Find chapters in your area

Public Enemy No. 1 for Employers? Careless Cloud Users, Study Says

Members may download one copy of our sample forms and templates for your personal use within your organization. Please note that all such forms and policies should be reviewed by your legal counsel for compliance with applicable law, and should be modified to suit your organization’s culture, industry, and practices. Neither members nor non-members may reproduce such samples in any other way (e.g., to republish in a book or use for a commercial purpose) without SHRM’s permission. To request permission for specific items, click on the “reuse permissions” button on the page where you find the item.

Page Content

Despite the cybersecurity risks involved, 1 in 5 employees:

Keep their passwords in plain sight (for example, on Post-it Notes on their desks).

Have accessed work files from a device that was not password-protected.

Have lost devices that weren’t password-protected.

That’s according to a new study by Softchoice, a North American IT solutions and managed services provider, which also found that employees using cloud-based apps (think Google Docs and Dropbox) “continue to display reckless technology habits that put their employers at risk.”

“Employees display a wide range of bad habits, from lax password security to rogue IT behavior. If something doesn’t change, organizations will be placed in an extremely vulnerable position,” David MacDonald, Softchoice’s president and CEO, stated in a news release. “Risky behavior and data vulnerabilities are almost guaranteed to persist if organizations don’t provide training and direction on cybersecurity best practices for the apps, platforms and IT tools employees use on a daily basis.”

Tech-savvy companies and their employees were eager to embrace the convenience of cloud-based computing in 2014. That’s when storing documents, photos and other information in the cloud became more prevalent because doing so allowed workers easier access to content from any device at any time and from anywhere.

Yet experts say such behaviors lead to data vulnerabilities. Some advocate for banning the use of personal cloud accounts for work but caution that doing so may impact morale and lead to lower employee engagement. Some believe a lot of the issues surrounding IT security could be mitigated if companies would train their employees on better online security habits—especially if workers are accessing company files from cloud-based services.

When employees are “downloading and using apps without IT’s knowledge, keeping passwords in plain view on Post-it Notes, and not password-protecting their mobile devices … [they’re] putting themselves and their employers at risk,” said Francis Li, vice president of Toronto-based Softchoice, in an interview with SHRM Online.

Softchoice polled 1,500 North American full-time employees to better understand their behavior when it comes to technology and how having access to cloud-based applications has impacted their behavior.

Among the study’s findings:

Younger app users are more likely to go rogue than their older counterparts. Thirty-one percent of Millennials have downloaded cloud apps without IT’s knowledge, while only 22 percent of Baby Boomers have done so. And 23 percent of Millennials have downloaded unauthorized apps, even though IT offered an approved version (compared to 13 percent of Baby Boomers).

Even though employees respect IT, they may not comply with the rules. “Seventy-one percent of employees believe IT works proactively to understand their business needs and 67 percent believe IT provides an optimal level of tech support,” the study stated. But this doesn’t stop employees from working around their IT departments, as evidenced by the behaviors noted in the study.

Experts and studies reveal that most companies have yet to embrace training staff on better online security habits.

MacDonald said, “By allocating time and resources for ongoing training and communication about cloud best practices, organizations can make a difference in their employees’ habits.”

Security training is paramount, according to Verizon’s 2016 Data Breach Investigations Report, because “cybercriminals are continuing to exploit human nature as they rely on familiar attack patterns such as phishing, and increase their reliance on ransomware, where data is encrypted and a ransom is demanded.”

Aliah D. Wright is an online editor/manager for SHRM. You can reach her on Twitter @1SHRMScribe.

Members may download one copy of our sample forms and templates for your personal use within your organization. Please note that all such forms and policies should be reviewed by your legal counsel for compliance with applicable law, and should be modified to suit your organization’s culture, industry, and practices. Neither members nor non-members may reproduce such samples in any other way (e.g., to republish in a book or use for a commercial purpose) without SHRM’s permission. To request permission for specific items, click on the “reuse permissions” button on the page where you find the item.